﻿@model AccountViewModel
@{
    var parent = (WebViewPage)TempData["Parent"];
}

@helper WarnForUnconfirmedEmailAddress()
{
    if (Model.IsOrganization)
    {
        @ViewHelpers.AlertWarning(@<text>You must confirm the organization's email address before you can register or manage certificates.</text>)
    }
    else
    {
        @ViewHelpers.AlertWarning(@<text>You must confirm your email address before you can register or manage certificates.</text>)
    }
}

@helper WarnFor2FARequirement()
{
    if (Model.User.EnableMultiFactorAuthentication)
    {
        @ViewHelpers.AlertWarning(@<text>You must log in using two-factor authentication before you can register or manage certificates.</text>)
    }
    else
    {
        @ViewHelpers.AlertWarning(@<text>You must enable two-factor authentication before you can register or manage certificates. This can be enabled in your <a href="@Url.AccountSettings()">Account Settings</a>.</text>)
    }
}

@helper InformAboutOrgSettingsPage()
{
    if (Model.IsOrganization)
    {
        @ViewHelpers.AlertInfo(@<text>To manage certificates for your individual account, go to <a href="@Url.AccountSettings()">your account's settings page</a>.</text>)
    }
    else
    {
        @ViewHelpers.AlertInfo(@<text>To manage certificates for an organization, go to the <a href="@Url.ManageMyOrganizations()">organization's settings page</a>.</text>)
    }
}

@ViewHelpers.Section(
    parent,
    "certificates",
    @<text>Certificates</text>,
    @<text>
        <span id="certificates-section-header"></span>
    </text>,
    @<text>

        <form id="addCertificateForm" enctype="multipart/form-data" aria-hidden="true">
            @Html.AntiForgeryToken()
        </form>

        <div class="list-certificates">
            @if (!Model.HasConfirmedEmailAddress)
            {
                @WarnForUnconfirmedEmailAddress()
            }

            @if (!Model.WasMultiFactorAuthenticated && !User.WasAzureActiveDirectoryAccountUsedForSignin())
            {
                @WarnFor2FARequirement()
            }
            
            @InformAboutOrgSettingsPage()

            <!-- ko if: $data.hasMissingInfo() -->
            @ViewHelpers.AlertInfo("The certificate details will be available when you push a package signed by the registered certificate(s).")
            <!-- /ko -->
            
            <div class="row" data-bind="ifnot: $data && $data.hasCertificates && $data.hasCertificates()">
                <div class="col-xs-12 clearfix">
                    All your packages need to be signed by one of the registered certificates.  <a href="https://docs.microsoft.com/nuget/reference/signed-packages-reference">Learn more about package signing.</a>
                    <br /> <br />
                </div>
            </div>

            <div data-bind="if: $data && $data.hasCertificates && $data.hasCertificates()">
                <div class="panel-collapse collapse in" aria-expanded="true">
                    <div class="table-container">
                        <table class="table" role="list">
                            <thead>
                                <tr class="manage-certificate-headings">
                                    <th>Fingerprint (SHA-256)</th>
                                    <th>Subject</th>
                                    <th>Expiration</th>
                                    <th>Issuer</th>
                                    <th><span class="hidden">Icon</span></th>
                                </tr>
                            </thead>
                            <tbody data-bind="foreach: $data.certificates">
                                <tr class="manage-certificate-listing" role="listitem">
                                    <td><samp class="small-fingerprint break-word" data-bind="text: Thumbprint"></samp></td>
                                    <td data-bind="text: ShortSubject, attr: { title: Subject }"></td>
                                    <td data-bind="text: ExpirationDisplay, attr: {
                                    title: IsExpired ? 'This certificate\'s expiration date is in the past. Future packages signed with this certificate will fail validation. Upload a renewed certificate to enable signed package uploads.' : ExpirationIso,
                                    class: IsExpired ? 'expired-certificate' : ''
                                    }">
                                    </td>
                                    <td data-bind="text: ShortIssuer, attr: { title: Issuer }"></td>
                                    <td class="text-right align-middle package-controls">
                                        <span data-bind="visible: CanDelete">
                                            <a class="btn btn-brand-danger" title="Delete certificate" tabindex="0" data-bind="attr: { 'data-href': DeleteUrl, 'aria-label': 'Delete certificate' }, click: $parent.deleteCertificate">
                                                <i class="ms-Icon ms-Icon--Delete" aria-hidden="true"></i>
                                            </a>
                                        </span>
                                    </td>
                                </tr>
                            </tbody>
                        </table>
                    </div>
                    <p>
                        The SHA-256 fingerprint can be found by calculating the SHA-256 hash of the DER encoded
                        certificate file (.cer). The fingerprint should be hex-encoded. This can be done with a variety
                        of tools.
                    </p>
                    <p>
                        <b>PowerShell:</b> <samp>Get-FileHash -Algorithm SHA256 .\my-public-certificate.cer</samp>
                        <br />
                        <b>nuget.exe:</b> <samp>nuget.exe verify -Signatures .\my-signed-package.1.0.0.nupkg</samp>
                    </p>
                </div>
            </div>
        </div>

        @if ((Model.WasMultiFactorAuthenticated || User.WasAzureActiveDirectoryAccountUsedForSignin()) && Model.CanManage && Model.HasConfirmedEmailAddress)
        {
        <div class="collapse in row" id="upload-certificate-form" aria-expanded="true">
            @Html.ValidationSummary(true)

            <form id="uploadCertificateForm" class="certificates-form" enctype="multipart/form-data" aria-label="Register a certificate">
                @Html.AntiForgeryToken()

                <div class="col-sm-6">
                    Register a certificate by uploading a certificate file (.cer).
                </div>
                <div class="col-sm-6">
                    <label for="input-select-file" id="CertificateFileLabel" class="input-group-btn">
                        <span id="register-new" class="btn btn-brand form-control" tabindex="0" aria-label="Register a new certificate" role="button">
                            Register new<input type="file" name="uploadFile" accept=".cer" aria-labelledby="CertificateFileLabel" id="input-select-file" style="display:none;" />
                        </span>
                    </label>
                </div>
            </form>
        </div>
        <div id="validation-failure-container" class="hidden"></div>
        }
    </text>,
    expanded: false)